Describe security methods designed to protect the security of data


Cambridge A-Level Computer Science 9618 - 6.1 Data Security

6.1 Data Security

Data security is crucial in modern computing to protect information from unauthorized access, use, disclosure, disruption, modification, or destruction. This section describes various security methods designed to safeguard data.

Authentication

Authentication is the process of verifying the identity of a user, device, or system. It ensures that only authorized entities can access resources.

  • Passwords: A secret string of characters used to verify identity.
  • Two-Factor Authentication (2FA): Requires two independent factors for verification, such as a password and a code from a mobile app.
  • Biometrics: Uses unique biological characteristics like fingerprints, facial recognition, or iris scans for identification.
  • Smart Cards: Physical cards containing an integrated circuit that stores authentication information.

Access Control

Access control mechanisms restrict who can access specific data or resources and what actions they can perform.

  • Discretionary Access Control (DAC): Access is determined by the owner of the resource.
  • Mandatory Access Control (MAC): Access is controlled by the operating system based on predefined security labels.
  • Role-Based Access Control (RBAC): Access is granted based on the roles a user holds within an organization.
  • Attribute-Based Access Control (ABAC): Access is determined by a combination of attributes of the user, resource, and environment.

Encryption

Encryption transforms data into an unreadable format (ciphertext) using an algorithm and a key. Only those with the correct key can decrypt the data back to its original form (plaintext).

| Type of Encryption | Description | Use Case |
| --- | --- | --- |
| Symmetric Encryption | Uses the same key for encryption and decryption. | Encrypting large amounts of data, such as file storage. Examples: AES, DES. |
| Asymmetric Encryption | Uses a pair of keys: a public key for encryption and a private key for decryption. | Secure key exchange, digital signatures. Examples: RSA, ECC. |
| Hashing | Creates a fixed-size string (hash) from data. One-way process; cannot be reversed. | Password storage, data integrity checks. Examples: SHA-256, MD5 (less secure). |
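
The table lists password storage as a use of hashing. The Python code below is an added example, not part of the original notes: it contrasts a single unsalted SHA-256 hash with a salted, deliberately slow PBKDF2 hash and shows verification with a constant-time comparison. The function names, the sample password and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for this example; higher values make each guess slower.
PBKDF2_ITERATIONS = 600_000


def fast_unsalted_hash(password: str) -> str:
    """Weak scheme shown for contrast: one SHA-256 pass, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    """Two constructed users who chose the same password."""
    pw = "correct horse"  # constructed sample value
    alice_salt, alice_digest = hash_password(pw)
    bob_salt, bob_digest = hash_password(pw)
    return {
        # Unsalted: identical passwords give identical stored values.
        "unsalted_match": fast_unsalted_hash(pw) == fast_unsalted_hash(pw),
        # Salted: the same password is stored as two different digests.
        "salted_match": alice_digest == bob_digest,
        "right_password": verify_password(pw, alice_salt, alice_digest),
        "wrong_password": verify_password("wrong guess", alice_salt, alice_digest),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the digest and is not secret; its job is to make equal passwords produce different stored values, so one precomputed table cannot be reused across accounts.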

Firewalls

Firewalls act as a barrier between a network and external networks, controlling incoming and outgoing network traffic based on predefined rules.

  • Packet Filtering Firewalls: Examine individual network packets.
  • Stateful Inspection Firewalls: Track the state of network connections.
  • Next-Generation Firewalls (NGFWs): Include advanced features like intrusion prevention and application control.

Intrusion Detection and Prevention Systems (IDS/IPS)

IDS monitors network traffic for malicious activity. IPS takes proactive steps to block or prevent detected intrusions.

Data Loss Prevention (DLP)

DLP systems monitor data in use, in motion, and at rest to prevent sensitive information from leaving the organization's control.

Secure Coding Practices

Writing code with security in mind helps prevent vulnerabilities from being introduced into software.

  • Input validation
  • Output encoding
  • Avoiding buffer overflows
  • Secure authentication and authorization mechanisms

Data Backup and Recovery

Regularly backing up data and having a recovery plan ensures that data can be restored in the event of data loss or corruption.